Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shared IPC namespace for containers in a pod #3817

Merged
merged 1 commit into from
Jan 27, 2015
Merged

Shared IPC namespace for containers in a pod #3817

merged 1 commit into from
Jan 27, 2015

Conversation

mrunalp
Copy link
Contributor

@mrunalp mrunalp commented Jan 27, 2015

#1615

This PR makes the containers in a pod share ipc namespace in addition to network namespace. The "network container" is renamed to "pod infra container" as per @thockin suggestion.
Here is some output from testing:

[root@kubernetes-minion-1 ~]# docker ps
CONTAINER ID        IMAGE                                  COMMAND                CREATED              STATUS              PORTS                    NAMES
5db6f3cea91c        dockerfile/nginx:latest                "nginx"                About a minute ago   Up About a minute                            k8s_mynginx.6617bbd0_1a59f6e9-a5b9-11e4-a611-0800279696e1.default.api_1a59f6e9-a5b9-11e4-a611-0800279696e1_b7f0a81d               
d99d954d65bc        google/cadvisor:0.8.0                  "/usr/bin/cadvisor"    7 minutes ago        Up 7 minutes                                 k8s_cadvisor.4c14154f_cadvisor-agent.file-6bb810db-kubernetes-minion-1.file_3fd0c171b08ee83650fd343a6fdf9653_aa7ac19c             
05187563d087        kubernetes/fluentd-elasticsearch:1.0   "/bin/sh -c '/usr/sb   9 minutes ago        Up 9 minutes                                 k8s_fluentd-es.f0e4cc_fluentd-to-elasticsearch.file-8cd71177-kubernetes-minion-1.file_a6e8b87c41aade4c1d35ead1804d8fc4_39c7aec3   
c81cc8a37ce4        kubernetes/pause:go                    "/pause"               14 minutes ago       Up 14 minutes       0.0.0.0:9191->80/tcp     k8s_POD.a29db6ef_1a59f6e9-a5b9-11e4-a611-0800279696e1.default.api_1a59f6e9-a5b9-11e4-a611-0800279696e1_b963898c                   
39b274cc5f5c        kubernetes/pause:go                    "/pause"               19 minutes ago       Up 19 minutes                                k8s_POD.a812958f_fluentd-to-elasticsearch.file-8cd71177-kubernetes-minion-1.file_a6e8b87c41aade4c1d35ead1804d8fc4_385ae96c        
5d9bc25d14ad        kubernetes/pause:go                    "/pause"               19 minutes ago       Up 19 minutes       0.0.0.0:4194->8080/tcp   k8s_POD.117b915_cadvisor-agent.file-6bb810db-kubernetes-minion-1.file_3fd0c171b08ee83650fd343a6fdf9653_88393ead                   
[root@kubernetes-minion-1 ~]# docker inspect 5db6f3cea91c | grep Mode
        "IpcMode": "container:c81cc8a37ce411133f366abe4d45e6ea91e6071485e4f29ed12b74419a5fa86b",
        "NetworkMode": "container:c81cc8a37ce411133f366abe4d45e6ea91e6071485e4f29ed12b74419a5fa86b",
[root@kubernetes-minion-1 ~]# docker inspect c81cc8a37ce4 | grep Pid
        "Pid": 13521,
[root@kubernetes-minion-1 ~]# docker inspect 5db6f3cea91c | grep Pid
        "Pid": 18463,
[root@kubernetes-minion-1 ~]# ls -l /proc/13521/ns
total 0
lrwxrwxrwx 1 root root 0 Jan 27 00:25 ipc -> ipc:[4026532395]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 mnt -> mnt:[4026532393]
lrwxrwxrwx 1 root root 0 Jan 27 00:25 net -> net:[4026532398]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 pid -> pid:[4026532396]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 uts -> uts:[4026532394]
[root@kubernetes-minion-1 ~]# ls -l /proc/18463/ns
total 0
lrwxrwxrwx 1 root root 0 Jan 27 00:27 ipc -> ipc:[4026532395]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 mnt -> mnt:[4026532510]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 net -> net:[4026532398]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 pid -> pid:[4026532513]
lrwxrwxrwx 1 root root 0 Jan 27 00:27 uts -> uts:[4026532511]

@thockin @vishh PTAL

@mrunalp mrunalp mentioned this pull request Jan 27, 2015
Closed
vmarmol
vmarmol reviewed Jan 27, 2015
View reviewed changes
pkg/kubelet/dockertools/docker.go
@@ -401,7 +401,7 @@ func inspectContainer(client DockerInterface, dockerID, containerName, tPath str
containerStatus.State.Running = &api.ContainerStateRunning{
StartedAt: util.NewTime(inspectResult.State.StartedAt),
}
if containerName == "net" && inspectResult.NetworkSettings != nil {
if containerName == "POD" && inspectResult.NetworkSettings != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we const name "POD"? Seems like we use it in a lot of places

@vishh
Copy link
Contributor

vishh commented Jan 27, 2015

Except for the few nits, LGTM!

thockin
thockin reviewed Jan 27, 2015
View reviewed changes
pkg/kubelet/kubelet.go
@@ -1112,7 +1113,7 @@ func (kl *Kubelet) syncPod(pod *api.BoundPod, dockerContainers dockertools.Docke
}
}
// TODO(dawnchen): Check RestartPolicy.DelaySeconds before restart a container
containerID, err := kl.runContainer(pod, &container, podVolumes, "container:"+string(netID))
containerID, err := kl.runContainer(pod, &container, podVolumes, fmt.Sprintf("container:%v", podInfraContainerID), fmt.Sprintf("container:%v", podInfraContainerID))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: could Sprintf it once into a variable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, fixing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@thockin
Copy link
Member

thockin commented Jan 27, 2015

LGTM! Thanks

brendandburns
brendandburns reviewed Jan 27, 2015
View reviewed changes
pkg/kubelet/kubelet.go
@@ -878,21 +879,21 @@ func (kl *Kubelet) killContainerByID(ID, name string) error {
}

const (
networkContainerName = "net"
NetworkContainerImage = "kubernetes/pause:latest"
podInfraContainerName = "POD" // caps are not allowed by users, but are OK for docker.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please don't duplicate this const declaration in multiple places...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about just keeping the one in dockertools package?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made that change. Let me know if you prefer to extract it out to some other package.

@brendandburns
Copy link
Contributor

LGTM, except the one small comment about not duplicating a constant.

@bgrant0607
Copy link
Member

Does this change our minimum required Docker version, or will this field just be silently ignored on old versions?

@mrunalp
Copy link
Contributor Author

mrunalp commented Jan 27, 2015

@bgrant0607 I believe so, but I can test that and confirm.

@mrunalp
Copy link
Contributor Author

mrunalp commented Jan 27, 2015

@bgrant0607 IpcMode is ignored when used with older docker version (1.3.*)

https://gist.github.com/mrunalp/53d128f4654971033f11

go run ipctest.go                                                                                                                                     
Container started successfully
[mrunal@dhcp-16-139 go]$ sudo docker ps
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS              PORTS               NAMES
51b043956885        kubernetes/pause:go   "/pause"            5 seconds ago       Up 4 seconds                            ipctest             
a85c1b84f30a        kubernetes/pause:go   "/pause"            4 minutes ago       Up 4 minutes                            hungry_mclean       
[mrunal@dhcp-16-139 go]$ 
[mrunal@dhcp-16-139 go]$ 
[mrunal@dhcp-16-139 go]$ 
[mrunal@dhcp-16-139 go]$ 
[mrunal@dhcp-16-139 go]$ 
[mrunal@dhcp-16-139 go]$ docker inspect 51b043956885 | grep Mode
        "NetworkMode": "container:a85c1b84f30aa99223",
[mrunal@dhcp-16-139 go]$ 
[mrunal@dhcp-16-139 go]$ docker inspect 51b043956885 | grep Pid
        "Pid": 15107,
[mrunal@dhcp-16-139 go]$ docker inspect a85c1b84f30a | grep Pid
        "Pid": 14546,
[mrunal@dhcp-16-139 go]$ sudo ls -l /proc/15107/ns
total 0
lrwxrwxrwx. 1 root root 0 Jan 27 09:40 ipc -> ipc:[4026532585]
lrwxrwxrwx. 1 root root 0 Jan 27 09:40 mnt -> mnt:[4026532583]
lrwxrwxrwx. 1 root root 0 Jan 27 09:40 net -> net:[4026532484]
lrwxrwxrwx. 1 root root 0 Jan 27 09:40 pid -> pid:[4026532586]
lrwxrwxrwx. 1 root root 0 Jan 27 09:40 user -> user:[4026531837]
lrwxrwxrwx. 1 root root 0 Jan 27 09:40 uts -> uts:[4026532584]
[mrunal@dhcp-16-139 go]$ sudo ls -l /proc/14546/ns
total 0
lrwxrwxrwx. 1 root root 0 Jan 27 09:38 ipc -> ipc:[4026532481]
lrwxrwxrwx. 1 root root 0 Jan 27 09:38 mnt -> mnt:[4026532479]
lrwxrwxrwx. 1 root root 0 Jan 27 09:38 net -> net:[4026532484]
lrwxrwxrwx. 1 root root 0 Jan 27 09:38 pid -> pid:[4026532482]
lrwxrwxrwx. 1 root root 0 Jan 27 09:38 user -> user:[4026531837]
lrwxrwxrwx. 1 root root 0 Jan 27 09:38 uts -> uts:[4026532480]

@bgrant0607
Copy link
Member

Thanks.

@mrunalp
Copy link
Contributor Author

mrunalp commented Jan 27, 2015

@brendanburns @thockin Does this look good now?

@thockin
Copy link
Member

thockin commented Jan 27, 2015

LGTM

@bgrant0607
Copy link
Member

LGTM from me, also. Kicking travis.

thockin added a commit that referenced this pull request Jan 27, 2015
@thockin
Merge pull request #3817 from mrunalp/feature/shared_ipc
7e6f3af 
Shared IPC namespace for containers in a pod
@thockin thockin merged commit 7e6f3af into kubernetes:master Jan 27, 2015
@thockin thockin mentioned this pull request Jan 28, 2015
Closed
@brendandburns
Copy link
Contributor

This PR broke e2e because update.sh is depending on the presence of a container named "net"

I'll fix.

@thockin
Copy link
Member

thockin commented Jan 28, 2015

mea culpa - too happy to get it in.

On Tue, Jan 27, 2015 at 9:10 PM, Brendan Burns notifications@github.com
wrote:

This PR broke e2e because update.sh is depending on the presence of a
container named "net"

I'll fix.

Reply to this email directly or view it on GitHub
#3817 (comment)
.

@brendandburns
Copy link
Contributor

np, I'm running it in e2e right now...

On Tue, Jan 27, 2015 at 9:29 PM, Tim Hockin notifications@github.com
wrote:

mea culpa - too happy to get it in.

On Tue, Jan 27, 2015 at 9:10 PM, Brendan Burns notifications@github.com
wrote:

This PR broke e2e because update.sh is depending on the presence of a
container named "net"

I'll fix.

Reply to this email directly or view it on GitHub
<
#3817 (comment)

.


Reply to this email directly or view it on GitHub
#3817 (comment)
.

@mrunalp
Copy link
Contributor Author

mrunalp commented Jan 28, 2015

Sorry about that! Thanks for fixing.

@mrunalp mrunalp mentioned this pull request Jan 28, 2015
Merged
@erictune erictune mentioned this pull request Feb 11, 2015
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@thockin thockin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@mrunalp @vishh @thockin @brendandburns @bgrant0607 @vmarmol